This shows you the differences between two versions of the page.
documentation:server-install-aducid [2018/06/26 00:13] mpospisek created |
— (current) | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== ADUCID software ====== | ||
- | ===== File and directory preparation ===== | ||
- | |||
- | Directories for aducid-aaa-modules | ||
- | |||
- | AAA modules need the following directories are created before installation: | ||
- | <codedoc code: | ||
- | mkdir / | ||
- | mkdir / | ||
- | mkdir / | ||
- | mkdir / | ||
- | mkdir / | ||
- | mkdir / | ||
- | mkdir / | ||
- | </ | ||
- | |||
- | Files for aducid-aaa-modules | ||
- | |||
- | Please adjust your server hostname in these files, as indicated. | ||
- | <codedoc code: | ||
- | # A. File / | ||
- | # -------------------------------------------------- | ||
- | # cat / | ||
- | # | ||
- | # This file can be used to set additional environment variables for | ||
- | # the httpd process, or pass additional options to the httpd | ||
- | # executable. | ||
- | # | ||
- | # Note: With previous versions of httpd, the MPM could be changed by | ||
- | # editing an " | ||
- | # variable is now ignored. | ||
- | # choice of MPM can be changed by editing the configuration file | ||
- | # / | ||
- | # | ||
- | |||
- | # | ||
- | # To pass additional options (for instance, -D definitions) to the | ||
- | # httpd binary at startup, set OPTIONS here. | ||
- | # | ||
- | #OPTIONS= | ||
- | |||
- | # | ||
- | # This setting ensures the httpd process is started in the " | ||
- | # by default. | ||
- | # case-sensitive string comparisons are performed in a different | ||
- | # locale.) | ||
- | # | ||
- | OPENAAA_PROTOCOL=aaa | ||
- | OPENAAA_HANDLER=/ | ||
- | OPENAAA_AUTHORITY=your.server.dnsname | ||
- | |||
- | # cat / | ||
- | [Unit] | ||
- | Description=The ADUCID Apache HTTP Server | ||
- | After=network.target remote-fs.target nss-lookup.target | ||
- | |||
- | [Service] | ||
- | # | ||
- | Type=forking | ||
- | EnvironmentFile=/ | ||
- | ExecStart=/ | ||
- | ExecReload=/ | ||
- | ExecStop=/ | ||
- | # We want systemd to give httpd some time to finish gracefully, but still want | ||
- | # it to kill httpd after TimeoutStopSec if something went wrong during the | ||
- | # graceful stop. Normally, Systemd sends SIGTERM signal right after the | ||
- | # ExecStop, which would kill httpd. We are sending useless SIGCONT here to give | ||
- | # httpd time to finish. | ||
- | # | ||
- | # | ||
- | |||
- | [Install] | ||
- | WantedBy=multi-user.target | ||
- | |||
- | |||
- | # B. File / | ||
- | # --------------------------------- | ||
- | # cat / | ||
- | # | ||
- | # This file can be used to set additional environment variables for | ||
- | # the httpd process, or pass additional options to the httpd | ||
- | # executable. | ||
- | # | ||
- | # Note: With previous versions of httpd, the MPM could be changed by | ||
- | # editing an " | ||
- | # variable is now ignored. | ||
- | # choice of MPM can be changed by editing the configuration file | ||
- | # / | ||
- | # | ||
- | |||
- | # | ||
- | # To pass additional options (for instance, -D definitions) to the | ||
- | # httpd binary at startup, set OPTIONS here. | ||
- | # | ||
- | #OPTIONS= | ||
- | |||
- | # | ||
- | # This setting ensures the httpd process is started in the " | ||
- | # by default. | ||
- | # case-sensitive string comparisons are performed in a different | ||
- | # locale.) | ||
- | # | ||
- | OPENAAA_PROTOCOL=aaa | ||
- | OPENAAA_HANDLER=/ | ||
- | OPENAAA_AUTHORITY=your.server.dnsname | ||
- | |||
- | |||
- | # C. File / | ||
- | # ---------------------------------- | ||
- | # cat / | ||
- | [Unit] | ||
- | Description=The ADUCID Apache HTTP Server | ||
- | After=network.target remote-fs.target nss-lookup.target | ||
- | |||
- | [Service] | ||
- | # | ||
- | Type=forking | ||
- | EnvironmentFile=/ | ||
- | ExecStart=/ | ||
- | ExecReload=/ | ||
- | ExecStop=/ | ||
- | # We want systemd to give httpd some time to finish gracefully, but still want | ||
- | # it to kill httpd after TimeoutStopSec if something went wrong during the | ||
- | # graceful stop. Normally, Systemd sends SIGTERM signal right after the | ||
- | # ExecStop, which would kill httpd. We are sending useless SIGCONT here to give | ||
- | # httpd time to finish. | ||
- | # | ||
- | # | ||
- | |||
- | [Install] | ||
- | WantedBy=multi-user.target | ||
- | |||
- | # D. File / | ||
- | # --------------------------------- | ||
- | # cat / | ||
- | #!/bin/bash | ||
- | export OPENAAA_PROTOCOL=aaa | ||
- | export OPENAAA_HANDLER=/ | ||
- | export OPENAAA_AUTHORITY=`hostname` | ||
- | |||
- | # E. Just check contents of the file / | ||
- | # ------------------------------------------------------------- | ||
- | |||
- | # cat / | ||
- | #!/bin/bash -x | ||
- | # | ||
- | # Start stop or restart the ADUCID-AAA service | ||
- | # | ||
- | |||
- | # PATH=/ | ||
- | RETVAL=0 | ||
- | |||
- | # Check that networking is up. | ||
- | . / | ||
- | |||
- | |||
- | usage () | ||
- | { | ||
- | echo $" | ||
- | RETVAL=2 | ||
- | } | ||
- | |||
- | |||
- | start () | ||
- | { | ||
- | / | ||
- | / | ||
- | } | ||
- | |||
- | stop () | ||
- | { | ||
- | / | ||
- | kill -9 `cat / | ||
- | } | ||
- | |||
- | |||
- | restart () | ||
- | { | ||
- | stop | ||
- | start | ||
- | } | ||
- | |||
- | |||
- | case " | ||
- | stop) stop ;; | ||
- | status) status ;; | ||
- | start|restart|reload|force-reload) restart ;; | ||
- | *) usage ;; | ||
- | esac | ||
- | |||
- | exit $RETVAL | ||
- | </ | ||
- | |||
- | |||
- | ===== Installation ===== | ||
- | |||
- | |||
- | Do one of the following: | ||
- | |||
- | * Connect the ADUCID Server Kit DVD to virtual machine and mount it to / | ||
- | * Copy the repository directory from the ADUCID Server Kit DVD to / | ||
- | |||
- | Install and run the aducid-installer script | ||
- | <codedoc code: | ||
- | cd / | ||
- | yum localinstall aducid-repository | ||
- | yum localinstall aducid-installer | ||
- | aducid-installer | ||
- | </ | ||
- | |||
- | The aducid-installer script (see / | ||
- | |||
- | hostname. Preferably whole DNS name. | ||
- | service provider ID, AIM machine inner identification. DNS hostname is a good candidate. | ||
- | icon file. 40x40 .png Will be seen on client PEIGs. This can be changed anytime, files are located in / | ||
- | replication password. In fact, DB access password for account created during install | ||
- | |||
- | ===== Post-install checks ===== | ||
- | ==== Certificates ==== | ||
- | |||
- | Certificates for SSL comunication (like other parameters of SSL/TLS comunication) need to be set in / | ||
- | <codedoc code: | ||
- | SSLCertificateFile | ||
- | SSLCertificateKeyFile | ||
- | SSLCertificateChainFile / | ||
- | SSLCACertificateFile | ||
- | </ | ||
- | |||
- | Other certificates used by ADUCID server are listed in / | ||
- | <codedoc code: | ||
- | PUBLIC_KEY=/ | ||
- | PRIVATE_KEY=/ | ||
- | </ | ||
- | |||
- | It is recommended to restart the server after installation. | ||
- | ==== Component checks ==== | ||
- | |||
- | |||
- | After restart, check main status of main components. | ||
- | postinstall checks | ||
- | <codedoc code: | ||
- | orange-d3:~ root$ systemctl -l status httpd24-httpd.service | ||
- | ● httpd24-httpd.service - The Apache HTTP Server | ||
- | | ||
- | | ||
- | Main PID: 913 (httpd) | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | |||
- | Jun 25 23:03:03 orange-d3.aducid.com [1697]: msg: | ||
- | Jun 25 23:03:03 orange-d3.aducid.com [1697]: msg: | ||
- | Jun 25 23:03:03 orange-d3.aducid.com [1697]: msg: | ||
- | Jun 25 23:03:03 orange-d3.aducid.com [1697]: msg: | ||
- | Jun 25 23:03:03 orange-d3.aducid.com [1697]: msg: | ||
- | Jun 25 23:03:03 orange-d3.aducid.com [1697]: msg: | ||
- | Jun 25 23:03:03 orange-d3.aducid.com [1697]: id=a6ae3724b541fb22127a207882e99ee2d1b0c762922ceff78dd4839872a712ab hash=8112 index=0 | ||
- | Jun 25 23:03:03 orange-d3.aducid.com [1697]: 127.0.0.1: | ||
- | Jun 25 23:03:03 orange-d3.aducid.com [1697]: 127.0.0.1: | ||
- | Jun 25 23:03:03 orange-d3.aducid.com [1697]: msg:alert write: | ||
- | |||
- | # do not be confused with the following message: "The ADUCID Apache HTTP Server" | ||
- | orange-d3:~ root$ systemctl -l status aducid-aaa.service | ||
- | ● aducid-aaa.service - The ADUCID Apache HTTP Server | ||
- | | ||
- | | ||
- | Process: 890 ExecStart=/ | ||
- | Main PID: 901 (aaa) | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | |||
- | Jun 25 23:03:03 orange-d3.aducid.com aaa[906]: sess.created: | ||
- | Jun 25 23:03:03 orange-d3.aducid.com aaa[906]: sess.modified: | ||
- | Jun 25 23:03:03 orange-d3.aducid.com aaa[906]: sess.expires: | ||
- | Jun 25 23:03:03 orange-d3.aducid.com aaa[906]: 127.0.0.1: | ||
- | Jun 25 23:03:03 orange-d3.aducid.com aaa[905]: 127.0.0.1: | ||
- | Jun 25 23:03:03 orange-d3.aducid.com aaa[905]: sess.id: | ||
- | Jun 25 23:03:03 orange-d3.aducid.com aaa[905]: sess.created: | ||
- | Jun 25 23:03:03 orange-d3.aducid.com aaa[905]: sess.modified: | ||
- | Jun 25 23:03:03 orange-d3.aducid.com aaa[905]: sess.expires: | ||
- | Jun 25 23:03:03 orange-d3.aducid.com aaa[905]: 127.0.0.1: | ||
- | |||
- | orange-d3:~ root$ systemctl -l status tomcat9.service | ||
- | ● tomcat9.service - Apache Tomcat 9.0.6 Servlet Container | ||
- | | ||
- | | ||
- | Process: 887 ExecStart=/ | ||
- | Main PID: 921 (java) | ||
- | | ||
- | | ||
- | |||
- | Jun 25 22:54:50 orange-d3.aducid.com systemd[1]: Starting Apache Tomcat 9.0.6 Servlet Container... | ||
- | Jun 25 22:54:50 orange-d3.aducid.com tomcat-startup.sh[887]: | ||
- | Jun 25 22:54:50 orange-d3.aducid.com tomcat-startup.sh[887]: | ||
- | Jun 25 22:54:50 orange-d3.aducid.com systemd[1]: Started Apache Tomcat 9.0.6 Servlet Container. | ||
- | </ | ||
- | |||
- | ==== Compoment log checks ==== | ||
- | |||
- | |||
- | The system is fully ready after tomcat server start. This can be checked by looking into tomcat' | ||
- | tomcat log | ||
- | |||
- | <codedoc code: | ||
- | orange-d3:~ root$ tail -f / | ||
- | Not found in ' | ||
- | Not found in SystemResource Directory/ | ||
- | Not found in ' | ||
- | Loading validation.properties via file I/O failed. | ||
- | Attempting to load validation.properties via the classpath. | ||
- | SUCCESSFULLY LOADED validation.properties via the CLASSPATH from '/ (root)' | ||
- | 25-Jun-2018 22: | ||
- | 25-Jun-2018 22: | ||
- | 25-Jun-2018 22: | ||
- | 25-Jun-2018 22: | ||
- | </ | ||
- | |||
- | Other log files: | ||
- | * AIM: / | ||
- | * tomcat9.service: | ||
- | * aducid-aaa.service / | ||
- | * httpd24-httpd.service / | ||
- | |||
- | |||
- | RPM Component summary | ||
- | aducid-configurator.rpm installation and config script | ||
- | aducid-repository.rpm yum repository file | ||
- | aducid-aaa-modules.rpm Apache settings for ADUCID components | ||
- | aim.rpm AIM and all basic components | ||
- | aducid-proof.rpm Identity proofing apps | ||
- | aducid-demo.rpm Demo apps | ||
- | |||
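Review bot: In the init script under section E, `stop ()` ends with `kill -9` on a PID read with `cat` from a file, and the `case` routes `start|restart|reload|force-reload) restart ;;`, so even a plain start first sends SIGKILL to whatever PID that file holds. If the file is stale, the PID may belong to an unrelated process, and the daemon never gets the chance to shut down cleanly. Suggest checking that the PID file exists and that the process is the expected one, sending SIGTERM first with SIGKILL only as a fallback after a timeout, and giving `start` its own branch. In the same script, `RETVAL` is changed only in `usage`, so `exit $RETVAL` reports success when start or stop fails; `status) status ;;` calls a function that is not defined in the visible script, so it works only if the sourced file provides it; and the `#!/bin/bash -x` shebang leaves command tracing on for every invocation. On the documentation side, the Certificates section lists `SSLCertificateKeyFile` and `PRIVATE_KEY=` without stating the expected ownership and permissions of the key files. "comunication" and "Compoment" are misspelled, and "need the following directories are created" should read "need the following directories to be created".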
- | |||
- | |||